Richard G
Verified User
Oke here is what's happening, never seen this before.
On the Centos 7 servers, just like on the Alma 8 server, clamav was changed from custombuild to OS version, working fine.
However, now I get a problem mail from cron from 1 server, but it's happening on all servers.
From
and
However, when looking in the maldetect and clamav directory's, these files (the .ndb and .hdb files) have the current date, so they are updated.
Still cron gives an error on 1 server.
So I don't know which log I checked, but I discovered this on both servers which is also mentioned in the first cron output.
I've searched and this seems a bug or issue, but I can't find a fix for it, other then removing the symlink from /var/tmp to /tmp which we do for many years to prevent malware execution in the /tmp directory's.
Never had issues with this, untill the clamav change as far as I can see.
Now when I issue the
However, this is very odd:
Why a "file not found" when I can use the exact same url using wget and the file will be downloaded just fine.
Why only 1 server sending cron failure e-mails about this, since all servers have the same cron and root's alias is the same on all?
And as said.. all the servers have the same issue with this update. Nothing else reports this /var/tmp error.
Anything which can be done to fix it, if possible without removing the /var/tmp symlink?
On the Centos 7 servers, just like on the Alma 8 server, clamav was changed from custombuild to OS version, working fine.
However, now I get a problem mail from cron from 1 server, but it's happening on all servers.
From
Cron <root@server> /usr/share/clamav/freshclam-sleep > /dev/null
ERROR: Can't download rfxn.ndb from http://www.rfxn.com/downloads/rfxn.ndb
ERROR: Database update process failed: HTTP GET failed
ERROR: Update failed.
systemd-tmpfiles: failed to open directory /var/tmp: too many levels of symbolic links
and
ERROR: Download failed (56) ERROR: Message: Failure when receiving data from the peer
ERROR: Can't download interserver256.hdb from http://sigs.interserver.net/interserver256.hdb
ERROR: Database update process failed: Connection failed
ERROR: Update failed.
However, when looking in the maldetect and clamav directory's, these files (the .ndb and .hdb files) have the current date, so they are updated.
Still cron gives an error on 1 server.
So I don't know which log I checked, but I discovered this on both servers which is also mentioned in the first cron output.
Code:
systemd-tmpfiles: failed to open directory /var/tmp: too many levels of symbolic links
I've searched and this seems a bug or issue, but I can't find a fix for it, other then removing the symlink from /var/tmp to /tmp which we do for many years to prevent malware execution in the /tmp directory's.
Never had issues with this, untill the clamav change as far as I can see.
Now when I issue the
service clamav-freshclam status
command on any server, this will appear as last:
Code:
Jan 10 13:40:23 server.mycompany.com freshclam[1225]: Trying again in 5 secs...
Jan 10 13:40:29 server.mycompany.com freshclam[1225]: WARNING: downloadFile: file not found: http://www.rfxn.com/downloads/rfxn.ndb
Jan 10 13:40:29 server.mycompany.com freshclam[1225]: WARNING: Can't download rfxn.ndb from http://www.rfxn.com/downloads/rfxn.ndb
Jan 10 13:40:29 server.mycompany.com freshclam[1225]: Trying again in 5 secs...
Jan 10 13:40:34 server.mycompany.com freshclam[1225]: WARNING: downloadFile: file not found: http://www.rfxn.com/downloads/rfxn.ndb
Jan 10 13:40:34 server.mycompany.com freshclam[1225]: ERROR: Can't download rfxn.ndb from http://www.rfxn.com/downloads/rfxn.ndb
Jan 10 13:40:34 server.mycompany.com freshclam[1225]: Update failed for custom database URL: http://www.rfxn.com/downloads/rfxn.ndb
Jan 10 13:40:34 server.mycompany.com freshclam[1225]: WARNING: fc_download_url_databases: fc_download_url_database failed: HTTP GET failed (11)
Jan 10 13:40:34 server.mycompany.com freshclam[1225]: ERROR: Database update process failed: HTTP GET failed
Jan 10 13:40:34 server.mycompany.com freshclam[1225]: ERROR: Update failed.
However, this is very odd:
Code:
WARNING: downloadFile: file not found: http://www.rfxn.com/downloads/rfxn.ndb
Why only 1 server sending cron failure e-mails about this, since all servers have the same cron and root's alias is the same on all?
And as said.. all the servers have the same issue with this update. Nothing else reports this /var/tmp error.
Anything which can be done to fix it, if possible without removing the /var/tmp symlink?